-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2009-02-13 08:45:10 UTC
-
Revision ID:
package-import@ubuntu.com-20090213084510-36epokxvo6raczzn
Tags: 1:1.5.6.3-1.1ubuntu2.1
* SECURITY UPDATE: arbitrary code execution via long PATH in diff_addremove
and diff_change (LP: #248750)
- Previous CVE-2008-3546 patch was incomplete
- debian/diff/0006-CVE-2008-3546-missing-part.diff: safely build the full
path in attr.c and builtin-grep.c.
- CVE-2008-3546
* SECURITY UPDATE: arbitrary command execution via diff.external configuration
variable.
- debian/diff/0007-CVE-2008-5916.diff: remove unused legacy-style URI code
in gitweb/gitweb.perl.
- CVE-2008-5916